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The literature on concurrency theory offers a wealth of examples of characteristic-formula construc- 
tions for various behavioural relations over finite labelled transition systems and Rripke structures 
that are defined in terms of fixed points of suitable functions. Such constructions and their proofs of 
correctness have been developed independently, but have a common underlying structure. This study 
provides a general view of characteristic formulae that are expressed in terms of logics with a facility 
for the recursive definition of formulae. It is shown how several examples of characteristic-formula 
constructions from the literature can be recovered as instances of the proposed general framework, 
and how the framework can be used to yield novel constructions. 

1 Introduction 

Various types of automata are fundamental formalisms for the description of the behaviour of comput- 
ing systems. For instance, a widely used model of computation is that of labelled transition systems 
(LTSs) |fl9l . LTSs underlie Plotkin's Structural Operational Semantics lf30ll and, following Milner's pio- 
neering work on CCS (271, are by now the formalism of choice for describing the semantics of various 
process description languages. 

Since automata like LTSs can be used for describing specifications of process behaviours as well as 
their implementations, an important ingredient in their theory is a notion of behavioural equivalence or 
preorder between (states of) LTSs. A behavioural equivalence describes formally when (states of) LTSs 
afford the same 'observations', in some appropriate technical sense. On the other hand, a behavioural 
preorder is a possible formal embodiment of the idea that (a state in) an LTS affords at least as many 'ob- 
servations' as another one. Taking the classic point of view that an implementation correctly implements 
a specification when each of its observations is allowed by the specification, behavioural preorders may 
therefore be used to establish the correctness of implementations with respect to their specifications, and 
to support the stepwise refinement of specifications into implementations. 

The lack of consensus on what constitutes an appropriate notion of observable behaviour for reactive 
systems has led to a large number of proposals for behavioural equivalences and preorders for concurrent 
processes. In his by now classic paper fBI . van Glabbeek presented a taxonomy of extant behavioural 
preorders and equivalences for processes. 

The approach to the specification and verification of reactive systems in which automata like LTSs 
are used to describe both implementations and specifications of reactive systems is often referred to as 
implementation verification or equivalence checking. 
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An alternative approach to the specification and verification of reactive systems is that of model 
checking [[7] 0132]]. In this approach, automata are still the formalism of choice for the description of the 
actual behaviour of a concurrent system. However, specifications of the expected behaviour of a system 
are now expressed using a suitable logic, for instance, a modal or temporal logic |fl2l l3TTl . Verifying 
whether a concurrent process conforms to its specification expressed as a formula in the logic amounts 
to checking whether the automaton describing the behaviour of the process is a model of the formula. 

It is natural to wonder what the connection between these two approaches to the specification and 
verification of concurrent computation is. A classic, and most satisfying, result in the theory of concur- 
rency is the characterization theorem of bisimulation equivalence 11271 [29l in terms of Hennessy-Milner 
logic (HML) due to Hennessy and Milner ifTTl . This theorem states that two bisimilar processes satisfy 
the same formulae in Hennessy-Milner logic, and if the processes satisfy a technical finiteness condi- 
tion, then they are also bisimilar when they satisfy the same formulae in the logic. This means that, for 
bisimilarity and HML, the process equivalence induced by the logic coincides with behavioural equiva- 
lence, and that, whenever two processes are not equivalent, we can always find a formula in HML that 
witnesses a reason why they are not. This distinguishing formula is useful for debugging purposes, and 
can be algorithmically constructed for finite processes — see, e.g., Il20ll25l . 

The characterization theorem of Hennessy and Milner is, however, less useful if we are interested 
in using it directly to establish when two processes are behaviourally equivalent using model checking. 
Indeed, that theorem seems to indicate that to show that two processes are equivalent we need to check 
that they satisfy the same formulae expressible in the logic, and there are countably many such formulae, 
even modulo logical equivalence. Is it possible to find a single formula that characterizes the bisimu- 
lation equivalence class of a process p — in the sense that any process is bisimilar to p if, and only if, 
it affords that property? Such a formula, if it exists, is called a characteristic formula. When a char- 
acteristic formula for a process modulo a given notion of behavioural equivalence or preorder can be 
algorithmically constructed, implementation verification can be reduced to model checking, and we can 
translate automata to logic. (An investigation of the model checking problems that can be reduced to 
implementation verification may, for instance, be found in the paper fil.) 

Characteristic formulae provide a very elegant connection between automata and logic, and between 
implementation verification and model checking. But, can they be constructed for natural, and suitably 
expressive, automata-based models and known logics of computation? To the best of our knowledge, this 
natural question was first addressed in the literature on concurrency theory in the paper [16]. In that paper, 
Graf and Sifakis offered a translation from recursion-free terms of Milner's CCS [27 ] into formulae of a 
modal language representing their equivalence class with respect to observational congruence. 

Can one characterize the equivalence class of an arbitrary finite process — for instance one described 
in the regular fragment of CCS — up to bisimilarity using HML? The answer is negative because each 
formula in that logic can only describe a finite fragment of the initial behaviour of a process — see, 
for instance, ID for a textbook presentation. However, as shown in, e.g., lfl8l l34l . adding a facility 
for the recursive definition of formulae to (variants of) HML yields a logic that is powerful enough to 
support the construction of characteristic formulae for various types of finite processes modulo notions 
of behavioural equivalence or preorder. 

Following on the work presented in those original references, the literature on concurrency theory 
offers by now a wealth of examples of characteristic-formula constructions for various behavioural re- 
lations over finite labelled transition systems, Kripke structures and timed automata that are defined in 
terms of fixed points of suitable functions. (See, for instance, the references [313 El ED [23] HH.) Such 
constructions and their proofs of correctness have been developed independently, but have a common un- 
derlying structure. It is therefore natural to ask oneself whether one can provide a general framework 
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within which some of the aforementioned results can be recovered from general principles that isolate 
the common properties that lie at the heart of all the specific constructions presented in the literature. 
Not only do such general principles allow us to recover extant constructions in a principled fashion, but 
they may also yield novel characteristic-formula constructions 'for free'. 

In this study, we offer a general view of characteristic formulae that are expressed in terms of logics 
with a facility for the recursive definition of formulae. The proposed framework applies to behavioural 
relations that are defined as fixed points of suitable monotonic functions. Examples of such relations 
are those belonging to the family of bisimulation- and simulation-based semantics. We show that if, in 
a suitable technical sense defined in Section [3l a recursively defined logical formula expresses the func- 
tion underlying the definition of a behavioural relation, then the largest interpretation of that formula is 
exactly the characteristic formula for the derived behavioural relation. (See Theorem 13.31 ) Using this 
result, we are able to recover, as instances of the proposed general framework and essentially for free, 
several examples of characteristic-formula constructions from the literature. In particular, we focus on 
simulation [29], bisimulation II271I291 , ready simulation (3] [241, and prebisimulation semantics ll26l . In 
addition, we show that the framework can be used to yield novel constructions. By way of example, we 
provide characteristic formulae for back and forth bisimilarity, back and forth bisimilarity with indistin- 
guishable states ifTTTl and extended simulation semantics [37]. 

We trust that the general view of characteristic-formula constructions we provide in this article will 
offer a framework for the derivation of many more such results and for explaining the reasons underlying 
the success of extant constructions of this kind in the literature. 

Roadmap of the paper The paper is organized as follows. In Section [2] we describe the theoretical 
background the paper relies on. Section [3] contains the main theorem of the paper whereas Section [4] is 
devoted to its applications. Finally in Section[5]we give some concluding remarks. 

2 Some theoretical background 

In this section we provide the theoretical background needed in the paper. 
2.1 Fixed points, prefixed points, and postfixed points 

Let X be a set and & : £P(X) — > <$^(X) be a monotonic function, i.e. a function that preserves the order 
C. A set S C X is a. fixed point of & if &(S) = S, a prefixed point of & if &(S) C S, and a postfixed 
point of & if S C &(S). By Tarski's fixed-point theorem [36], & has both a unique largest fixed point 
given by union of all its postfixed points: 

Fix& = \]{S C X | S C &{S)} 

and a unique least one given by the intersection of all of its prefixed points: 

fix3? = [ > \{SCX\ &(S)CS}. 

The largest fixed points of such functions are commonly used as the basis for many co-inductively defined 
behavioural semantics as we will see later in the paper. 
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2.2 Logic 

We assume a formal specification language or logic ££{Var) defined over a set of variables Var and 
ranged over by F, possibly with subscripts. We often write Jzf for J£(Var) if the set of variables is clear 
from the context. 

We also involve a function D : Var — > called a declaration; the declaration can be viewed as 
providing us with a system of equations over Var that decides the meaning of each variable. 

We interpret the language over a given set P. For this purpose we assign to each variable a set of 
elements in P for which this variable holds true. To cater for this, we use a function a : Var — > ^(P), 
called an environment. Let Env{Var) be the set of all environments (ranged over by a) whose domain 
is Var. Again, we often write Env for Env (Var) if the set of variables is clear from the context. Ordered 
under the pointwise set inclusion, which we again refer to as C, Env is a complete lattice with respect to 
the induced pointwise (J and C] as the least upper bound and the greatest lower bound respectively. 

For each environment a : Var — > ^(P), we let |= C (Env x P) x Jz? be a relation, with the condition 
that for each X G Var, we have (o,p) \= X if and only if p G o(X). A language is monotonic if for every 
p G P, formula F and environments di and 02, {<5\,p) \= F implies (02,/?) |= F, whenever Oi C 02- 

A declaration function D induces a function [D] : Env — > Env defined by 

m°)(x)={p\(°,p)hD(x)}. 

Monotonicity of the language guarantees that [[D]] is monotonic. We say that D is monotonic whenever 
[[D]] is. If JD]] is monotonic it has both a largest and a least fixed point over Env which we refer to as 
a max ( tne largest interpretation of D) and a^ in (the least interpretation of D) respectively. We also drop 
the superscript D as the meaning should be clear from the context. 

In this study we assume that Var is indexed over some set P, i. e. Var = {X q \ q G P}. We say that the 
largest interpretation of a declaration D gives the characteristic formula for a binary relation S over P if, 
for all p,q G P, 

pea^ x (x q )^(p,q)es. 
Characteristic formulae given in terms of least interpretations are defined similarly. 

3 Expressiveness up-to a relation and characteristic formula 

In this section we show how we can derive a characteristic formula for a semantic relation directly from 
the logical description of the monotonic function that defines the relation. To obtain this, for S C P x P, 
we define the environment Os by 

Os(X q ) = {p€V\{p,q)€S}, 

for each q G P. 

Definition 3.1 Given a function & : ^(P x P) — > ^(P x P), a declaration D : Var — > Jzf and a set 
S C P x P, we say that D expresses & up to S if for any p,q G P, 

(o s ,p)\=D(X q )& (p,q)€&(S). 

Next we prove that when D expresses & up to S then the post- and prefixed points of [Dj correspond to 
the post- and prefixed points for 
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Lemma 3.2 Assume that J^" : <^(P x P) — > ^(P x P) jj a monotonic function and D : Var — > Jzf « a 
monotonic declaration such that D expresses £P up to S. Then the following hold: 

SC^(S) & a s Q[[D]]a s , (1) 

and 

&(S) C S |D]os C OS. (2) 

Proof Assume that : ^(P x P) — > ,5s 2 (P x P) is a monotonic function, D is a monotonic declaration, 
and 5 is a relation for which D expresses up to S. We will only prove (Q~|) as the argument for (O is 
similar. Towards proving (Q]), first assume that S C J^(S) and that u £ Os(X v ) for some u,v £ P. By the 
definition of as, («,v) £ S C ^(S). Then, as D expresses ^ up to S, u £ [[D]]gs(X v ). 

Next assume that o s C [[D]]a 5 and that (it,v) £ S. This implies that m £ <7 S (X V ) C [[D]]a 5 (X v ). As D 
expresses & up to S, we have that (w,v) £ <^(S) as desired. □ 

The following theorem states that if the declaration D expresses & up to S for every relation S then the 
largest fixed point of [D] characterizes the largest fixed point of JF. This means that D, under the largest 
interpretation, defines the characteristic formula for Fix & ' . For the sake of completeness, we prove a 
similar result for the least fixed points although at this point we have not found any concrete applications 
of that result. 

Theorem 3.3 Assume that : £P(P X P) — ► ^(P X P) is a monotonic function and D : Var — > Jzf is a 
monotonic declaration such that D expresses up to Sfor all S C P x P. Then for all p,q £ P, 

1- (o max ,p)^X q <^ (p,q) £Fix^,and 

Proof Assume that & : x P) — > ^(P x P) is a monotonic function and D is a monotonic declara- 
tion that expresses & up to S for every relation S; that is, for each SCPxP and p,q £ P, 

(a s ,p)^D(X q )^ (p,q)e&(S). 

1. We prove that for each p,q £ P, 

(<W,/>) \=X q & (p,q) eFix^, 

or equivalently that 

P £ cr max (X 9 ) (p,g) £ F/xJ^. 
We prove each of the implications separately. 
=X First define T = {(u,v) \ u £ a max (X v )}. Then for all u,v £ P, 

« £ a T (X v ) 44> («,v) £ T o m £ a max (X v ). 

This implies that a max = ; in particular Oj is a fixed point, and hence a postfixed point of 

Towards proving the statement, assume that £ <7 max (X 9 ). Then as is a postfixed point of 
[D] and a max = a r , 

/>£a r (X,)c[[D]]a r (X 9 ). 

Since D expresses & up to T, we may apply O in Lemma [3721 to obtain T C J£"(r). There- 
fore, as £ r, we have that (p,q) £ Fix 3 ' . 
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<=: Assume (p,q) G Fix^ . As Fix^P = ^(Fix^) and D expresses & up to Fix^ , by O in 
Lemma [3^21 we have that 

As (p,q) G Fix^ implies p G G Fix ^{X q ), this in turn, implies that p G a max (^)- 
2. Now we prove that for each p,q G P, 

(Oimn,/>) (P>?) ^fix^, 

or equivalently that 

P G a m ; n 

We prove each of the implications separately. 
=>: Assume 

p G cTminpQ) = P| a(X 9 ). 

In other words, for all a, [[£>]]a C a implies that p G <J(X 9 ). We will prove that (p,q) G 
fix& = n«^(s)cs^ or equivalently that for all S, <^(S) C 5 implies that G 5. Towards 
proving this, assume that <^(S) C 5. We aim at showing that (p,q) G 5. Since D expresses 
& up to S, by (O in Lemma [3721 [[£>]] as C (75. By the assumption above, this implies that 
p G Os(Xg), or equivalently (p,q) G 5. 

■<=: Assume that (p,q) Gfix^P = f)&(s)csS< or equivalently that for all S C P, =^"(5) C 5 implies 
that G S. We will prove that 

p G a min (X 9 ) = p apQ. 

p)]aCa 

To prove this, it is sufficient to prove that for each environment a, 

[[D]](J C a implies p eo(X q ). 

Towards proving this, assume that [[£>]] a C a. Define 

T = {(u,v) \ ueo(X v )}. 

Then 07- = a and therefore [fljoy C Oj- Since D expresses up to T, by (O in Lemma 
13.21 this implies that &(T) C T. This in turn implies that (p,q) G T and therefore that 
p G OriXq) = ct(X 9 ) as we wanted to prove. □ 

We have the following corollary. 

Corollary 3.4 If a declaration D expresses a monotonic function ^ {over &(P X P)j up to any relation, 
then the largest interpretation ofD gives the characteristic formula for Fix & '. 
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3.1 Some Observations about Fixed Points 

As usual, for a relation S C P x P, we let = {(p,q) \ (q,p) G S}. Furthermore we define M*(S) = 
(^"(S -1 )) -1 . We have the following properties: 

Lemma 3.5 The following hold. 

1. The function S i— > S~ l is monotonic and bijective. 

2. If ' & is monotonic then ^* is monotonic. 

3. Fix&* = (Fix&y 1 . 

Proof The proofs of 1 — 2 follow directly from the definition of S~ 1 and J^"* and we only give the details 
of the proof of 3. We proceed with this proof as follows: 

(p,q) G Fix&* ^ 3S.(p,q) £SQ,^*(S)^ 

3s.( P ,q) esc (^(s- 1 ))- 1 & 

3S.(q,p) £S~ l Q^(S~ 1 )^ 

3R.(q,p) £RCJ?(R)& 

(q,p) G Fix & ^ (p,q) G (Fix^y 1 . 

□ 

4 Applications 

In this section we will describe how the general result of Theorem [33] can be applied to concrete exam- 
ples. 

We will base these results on variations of a labelled transition system defined as a triple P = 
(P, A, — ►), where 

• P is a set, 

• A is a set of labels and 

• — >C P x A x P is a transition relation. 

As usual, we write p p' for (p,a,p') G — ►. We often think of P as a set of processes, A as a set of 
actions, and p — ► p' as a transition from process p to process p' via action a. We write p — > if there 
exists a q such that p — ► q, and we write p -A^ if there is no such q. 

All the characteristic-formula constructions we describe in this section apply to labelled transition 
systems, and variations on that model, for which the underlying set P and the set of labels A are both 
finite. 

We will also use variations of the following language. Given a set Var of variables and a set A of 
actions, we define the language J? (Var, A) to be the standard Hennessy-Milner Logic with recursion 
(HML) — see, for instance, [22] — , given by the grammar 

F ::=tt | ff \X | F 1 AF 2 | Fi VF 2 | {a)F l \ [a]F u 
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where X G Var and a G A. 

Given a labelled transition system P = (P,A, — >), a language Sf(Var,A), and an environment 
a : Var — » ^(P), we define the semantics of the language by a relation |= between Frav(\for) x P and 
Jz? (Vfor,A), where (<7,p) (= F will be read as "F is true at p with respect to a", and we let ^ be the 
complement of |= in (Env(Var) x P) x «Sf (Var, A). The relation |= is defined by 





M 


iff 


p gP 




hff 


iff 


(ff,/>) ^ff 






iff 


p G a(X) 


<7,p) 


(=Fi AF 2 


iff 


(o,p) [=Fi and (a,p)^F 2 




N^i vf 2 


iff 






H («>*i 


iff 


(o,p') \= F\ for some // for which p - 






iff 


(o,p') \= Fi for all // for which p 



One can easily check that the logic is monotonic and therefore the largest and least fixed point con- 
structions, as described in the Section [3) naturally apply. We use the standard abbreviations ALi^' f° r 
Fi V • • • V F„ and V"=i ^ for Fi A • • • A F„. We also set A°=i Fi = tt and F i = ff- Because A and V are 
commutative and associative, we may generally specify a finite index set rather than use an enumeration 
of formulas. 

The following behavioural equivalences are defined as the largest fixed points to monotonic func- 
tions. 

4.1 Simulation E91 

Given P = (P, A, — ►) and S C P x P, let J^ m (S) be defined such that 

(p,q) G ^sim{S) iff for every a G A and p' G P, 

if p — > p' then there exists some q' G P such that q — > q' and (p',q f ) G S. 

As &sim is a monotonic function over ^(P x P), by Tarski's fixed point theorem, & has a largest fixed- 
point, which we denote by Q s im- 

We now search for characteristic formulas for C s;m in the language ££ (Var, A), where Var = {X p \ 
p G P}. First note that, for each SCPxP, 

(p, q) G J? sim (S) & (a s ,p) \= f\ [a] ( \/ X<i> ) ■ 

aeA q'.q-^q' 

Then, by Corollary 13.41 the characteristic formula for C i(m is given by the largest interpretation of the 
declaration 

D^,M=f\[a}( \/ 

The result above shows that to characterize Q s im we only need the fragment of HML that includes V, A, [a] 
for a G A, and a set of variables indexed over P. 

We now show how we can use Lemma [331 to characterize 3«m= (E«m) ! , that is, where p ^ s im q if 
and only if q C S!m p. The third component of the lemma gives us □ JJ - m = Fix(^* im ). We eventually aim 
to characterize simulation equivalence, i. e. the intersection of two preorders, and it is thus helpful to use 
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a new set of variables Var' = {Y q \ q G P} disjoint from Var. We get the following: 

M € &Z im (S) o (q,p) G ^ sim (S- 1 ) ^ 

Va G A,g' EP.q^q' ^3p' e P.p ^ p'&{q',p') G S~ l & 
Va G A,a' G P.g q' => 3p' G P.p p'&(p',q') £5^ 

Then, by Corollary 13.41 the characteristic formula for □ iim is given as the largest interpretation of the 
declaration 

/ a i 

a,q .q — *q 

To characterize □ V!m we only need the fragment of HML that includes A, (a) for a G A, and a set of 
variables indexed over P. 

We can finally use these to define a characteristic formula for simulation equivalence. Define ~ sim 
such that p ~ sim q iff p tZ sim q and p □ „•„, q. Then 

P ~sim 9 0£x W a Eax 5 />) H X q A F 4> 

where cii t±J 02 is defined on domain(c\ ) U domain{o2) if domain{o\ ) D domain{o2) = as 

, , f <7i(z) if z G domainiO]) 
[ °2 (z J otherwise. 

In this case we use the full logic HML. 
4.2 Strong bisimulation 12911271 

Given P = (P,A, — ►) and S C P x P, let &bisim(S) be defined such that 
0,9) G ^bisim(S) iff for every a G A, 

1. if /? -^-> //, then there exists q' G P such that 17 -^-> q' and (p',q') G 5, and 

2. if g — > g', then there exists // G P such that p — ; > p' and (p',q r ) G 5. 

As ^usim is monotonic, it has a largest fixed point, which is the seminal notion of bisimulation equiva- 
lence that we denote by ~bisim- 

As in the case of simulation, the first clause is translated into 



MNAH( V 

and the second one into 



aeA q '.q-Uqi 



(a s ,p) h A <«>V 

a,q .q — >q 

Then, by Corollary 13.41 the characteristic formula for ~bisim is given by the largest interpretation of the 
declaration. 

D bisim (X q )= AH( V X q >) A A W'- 

aeA q'.q-^q' 

This is exactly the characteristic formula proposed in lfT8ll . 
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4.3 Ready simulation 131 1231 

Given P = (P,A, — ►) and S C P x P, let & RS {S) be defined such that 
(p,q) G &rs{S) iff f° r every a € A and q 1 G P, 

1. if g q\ then there exists // G P such that p p' and (p',q r ) G 5, and 

2. if /? — then q 

Clearly the second clause can be rewritten as "if q then p f— Also note that J^rj is monotonic. 
We denote the largest fixed point of ,^ RS by □rso 

In HML, p y^-> if and only if p (= [a].//". Therefore, for each 5 C P x P, we have 

(p,q) G ^ ((T S ,p) h A («)^' A A Wf- 

a,q' .q-^q' a.q-/—> 

By Corollary 13-41 the characteristic formula for is now given as the largest interpretation of 

D RS (x q ) = a A A Wf- 

a,q' .q-^q' a.q-/—> 

4.4 Back and forth bisimulation 

So far our examples of applications of Theorem 1 3 . 3 1 have only included known cases from the literature, 
i. e. where both the semantic relation and its characteristic formula already exist. In this section we will 
introduce a new semantic equivalence. This is a variant of the back and forth bisimulation equivalence 
introduced in [10] that assumes several possible past states. The semantics introduced in ifTOl assumes 
that the past is unique and consequently the derived equivalence coincides with the standard strong 
bisimulation equivalence. This is not the case for the multiple possible past semantics considered here. 
The introduction of this behavioural equivalence serves as a stepping stone towards the one introduced 
in the subsequent section. 

Given P = (P, A, — ►) and 5 C P x P, let ^ hfh {S) be defined such that 

(p,q) G ^bfb(S) iff for every a G A 

1. Vy G P.p p' => 3q' G P.q q' and (p',q') G S, 

2. V G P.q q' 3p' G P.p p' and (p',q') G S, 

3. V G P.p' p 3q' G P.q' q and (p',q') G S and 

4. V</ G P.q' q => V G P.p' p and (//,</) G 5. 

To express such behaviour in the logical language considered so far, we add two operators (a) and 
[a] to it for every a G A. The semantics for these is given by 

(o,p) \= (o)Fi iff (<y,p') \= F\ for some p' for which p' —> p and 
(o,p) \= [a]Fi iff (o,p r ) \= F\ for all p' for which // — ; > p. 

Clearly these new operators are monotonic. As in the case for bisimulation equivalence, for each S C 
P x P, the first two clauses translate into 

MNAH( V A A 

q' .q-^q' a,q'.q-^q' 

1 We choose □ rather than the more familiar C in order to both use the commonly characteristic formula and establish greater 
uniformity with the notation used elsewhere in the paper. 
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The second two clauses involve the new operators: 

MHAi V *</') A A 

q'.q'-^q a.q 1 .q 1 -^q 

Then, by Corollary 13.41 the characteristic formula for ~ b fb is given by the largest interpretation of the 
declaration 

D bfb (X q )= f\[a]{ V ^')A A W' A 

qi .q-^qi a,q'.q-^q' 



/\[a}( V A A 

q'.q'-^q a,q'.q'-^q 

4.5 Back and forth bisimulation with indistinguishable states IfTTTl 

In this section we consider a version of the back and forth bisimulation from the previous section where 
some of the states are considered indistinguishable by some external agents. For this purpose we augment 
our notion of labelled transition systems with a set J? of identities (or agents) and a family of equivalence 

relation { • • • C P x P | i G J?}. Such a structure is called an annotated labelled transition system ifTTl and 
is written as (P, A, — >, J?, • • •). 

Given such a structure let ^bfbid{S) be defined such that 

(p,q) G ^bfbid{S) iff for every a G A and i G J> , 

1. V eP.p -^p' 3q' G V.q q' and (p',q r ) € S, 

2. Vq' G P.q q' 3p' G P./? p' and G 5, 

3. V GP.y -^p 3q' G PV g and (/>',</) G S, 

4. V?' eP. ? '^^Ve P.y p and G S, 

5. V/ G P./? • : • p' 3q' G P.q • '■ • q' and (p',q') G S and 

6. V G V.q • • • q' => 3p' G P.p and (//,?') G 5. 

We denote the largest fixed point of ^bfbid by We use the logical language for back and forth 

bisimulation from Section l4~4l and add to it the operators (/) and [/] for each i G JF . The semantics for 
these operators is given by 

{PiP) \= {i)F\ iff {o,p') \= F\ for some p' for which p p' and 
(o,p) \= [i]F\ iff (o,p') \= F\ for all p' for which p ■■■ p' '. 

These new constructions are clearly monotonic. As for the case for back and forth bisimulation, the first 

four clauses of ^bfbid{S) can be translated into 



MHA[ fl ]( V X <f) A A ( a )Xq' a 



£i£A q> q-!L,qi a.q'.q- 



A[«]( V **0 a A 

a€A q'.q'-^q a,q'.q'-^q 

and the last two clauses into 



MhAWf V a A <'>V 



q'.q-q' l,g .q-q 1 
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Then, by Corollary 13.41 the characteristic formula for ~bfbid is given by the largest interpretation of the 
declaration 

D bfh {X q )= f\[a}{ \/ X q ,) A /\ {a)X q ,A 

n P A i a i i a i 

uKzn. q> q — V qt a,q'.q — >q' 

/\[a}( V X*) A A W<t A 

a€A qi qtJLj,q a,q'.q'-^q 

AW( V *«0 A A 

<r-<7--y <,qq-q 

As a consequence of the existence of this characteristic formula, we obtain a behavioural characteri- 
zation of the equivalence over states in an annotated labelled transition system induced by the epistemic 
logic studied in iTTTTl . (More precisely, the logic we study in this section may be seen as the positive ver- 
sion of the one studied in ifTTI . where we use the modal operator [i] in lieu of K(, read "agent i knows", 
and its dual.) This solves a problem that was left open in the aforementioned reference. 

Theorem 4.1 Let p,q G P. Then p ^bfbid <? if an d only if, p and q satisfy the same formulae expressible 
in the logic considered in this section. 

4.6 Prebisimulation J261I35H 

We now extend the original labelled transition system with a convergence predicate [ as found in |[26l . 
We write p j for p G|, and we interpret p j to mean that the process p converges. If p we write p f, 
and understand it to mean that the process p diverges. 

Given (P, A, — [) and S C P x P, we define ^ prh is{S) such that 

(p,q) G ^ P rbis{S) iff for every a G A, 

1. for all q' G P if q — * q' then there exists p' G P such that p — — > p' and (p' ,q') G S, and 

2. if q i, then both of the following hold: 

(a) p i and 

(b) for all p' G P, if p — — > p' then there exists q' G P, such that q — > and (p',q') G 5. 

As ^prbis is monotonic, it has a largest fixed point □ nrtoH known as the prebisimulation preorder. 

To characterize this preorder we use an intuitionistic version HML,„ ? of the standard HML. The 
syntax is the same as before, but the definition for [a]F is now 

(o,p) (= [a}F iff p i and (o,p f ) (= i 7 for all // for which p — ► p'. 

This implies that the first defining clause is the same as for simulation 

(a s , P ) h A W'> 

a,q .q — >q' 



whereas the second one can be expressed as 



NaeM{\l q <. q ^U q < X q>) if( ll 



otherwise. 



For a similar reason as for the ready simulation, we use ^p r ^ rather than CI prbu 
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This can be written differently as 

MhAkK V **)v {*!?!}, 

where the notation \/{tt \ q f } means that the disjunct # is present only when q f. 

Now, by Corollary 13.41 the characteristic formula for □prw.v is given as the largest interpretation of 
the declaration 

D prhis (X q )= /\ (a)X q ,A[/\[a}( \/ X q ,)y {tt \ q ]}]. 

a.q' .q-^q' a€A q' .q-^q' 

4.7 Extended simulation fl37]] 

We now consider labelled transition systems augmented with a preorder relation C A over the set A of 
labels. Given (P, A, — >, C A ) and S C P x P, we define <^ ext such that 

(p,q) G ^ e xt(S) iff for every a G A, 

if p —>■ p' then there exists q' G P and & G A such that a C A ft, g —* q', and (p',q') G 5. 
We denote the largest fixed point of & eM by Q ext . 

To define the characteristic formula for \Z ext we use the standard HML with recursion. First note that 
for each S C P x P and p, q G P 

( P ,q) e & ext (s) o (<*,/>) h A H( V V 

9-9 — >4 

By Corollary 13.41 the characteristic formula for Q ext is therefore given as the largest interpretation of 

4w=M«]( V V *<?')• 

aGA b.afZ\b , b , 

As with simulation, we use Lemma [331 to characterize □<>»= (C exf ) _1 . We get that the characteristic 
formula for this preorder is obtained as the largest interpretation of the following declaration: 

D=L(x q )= A A V 

5 Conclusion 

This paper provides a general view of characteristic formulae for suitable behavioural relations. The re- 
lations of interest are those that can be defined by largest or smallest fixed points of monotonic functions, 
which can be expressed by declarations over a given language. Theorem 13.31 shows that a declaration 
that expresses such a function can be viewed as the characteristic formula of either the largest or least 
fixed point of the function. We have explored a number of applications of this theorem, some in re- 
covering characteristic formulae already discovered, and some being novel constructions. But each of 
the behavioural relations we consider are largest fixed points of functions, and we hope future work can 
yield characteristic formulae for interesting least fixed points as well. There are still, however, many 
other largest fixed points that may be applications of this theorem. These include weak bisimulation 
equivalence (27]], weak bisimulation congruence (271, branching bisimulation equivalence [ 15 ], resource 
bisimulation equivalence O, and g-bisimulation equivalence [33]. 
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